package com.only4play.authcenter.v2.security.config;

import com.only4play.authcenter.v2.security.entrypoint.CustomAuthenticationEntryPoint;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

import static com.only4play.authcenter.v2.security.authentication.admin.dingtalk.AdminDingTalkLoginConfigurer.adminDingTalkLoginConfigurer;
import static com.only4play.authcenter.v2.security.authentication.admin.password.AdminPasswordLoginConfigurer.adminPasswordLoginConfigurer;
import static com.only4play.authcenter.v2.security.authentication.admin.sms.AdminSmsLoginConfigurer.adminSmsLoginConfigurer;
import static com.only4play.authcenter.v2.security.authentication.user.password.UserPasswordLoginConfigurer.userPasswordLoginConfigurer;
import static com.only4play.authcenter.v2.security.authentication.user.sms.UserSmsLoginConfigurer.userSmsLoginConfigurer;

/**
 * @author hinzzz www.hinzzz.cn 157957329@qq.com
 * 2024-04-08
 */
@EnableWebSecurity
public class SecurityConfig {


    /**
     * 管理员登录
     *
     * @param http
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain adminLoginFilterChain(HttpSecurity http) throws Exception {

        http.apply(adminPasswordLoginConfigurer());
        http.apply(adminSmsLoginConfigurer());
        http.apply(adminDingTalkLoginConfigurer());
        http.antMatcher("/admin/**")
                .csrf(AbstractHttpConfigurer::disable)
                .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .exceptionHandling(exception -> {
                    exception.authenticationEntryPoint(entryPoint());
                    //exception.accessDeniedHandler()
                })
                .authorizeHttpRequests(request -> request.antMatchers("/admin/**").permitAll());
        return http.build();
    }

    /**
     * 用户登录
     *
     * @param http
     * @return
     * @throws Exception
     */

    @Bean
    public SecurityFilterChain userLoginFilterChain(HttpSecurity http) throws Exception {
        http.apply(userPasswordLoginConfigurer());
        http.apply(userSmsLoginConfigurer());
        http.antMatcher("/user/**")
                .csrf(AbstractHttpConfigurer::disable)
                .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .exceptionHandling(exception -> {
                    exception.authenticationEntryPoint(entryPoint());
                    //exception.accessDeniedHandler()
                })
                .authorizeHttpRequests(request -> request.antMatchers("/user/**").permitAll());


        return http.build();
    }

    @Bean
    public AuthenticationEntryPoint entryPoint() {
        return new CustomAuthenticationEntryPoint();
    }

}
